Network Automation at AnsibleFest: That’s How We Role
I am getting super excited about my first ever AnsibleFest! Despite using Ansible for more than five years now, I have never had the opportunity to attend this famed event. I had coworkers from previous employers attend, and they were always excited and invigorated after the conference. October is fast approaching and the energy around the event is growing every day.
I’m especially excited for AnsibleFest 2018 because it will have an entire track dedicated to my favorite subject: Network Automation. Join us for two days (October 2-3) as Ansible network developers, Ansible experts from around the world, partners and community members showcase new functionality, use cases, stories and paths to production. You will hear from the developers who design, create, test and distribute the code. You’ll also hear from industry experts and network operators who create and deploy Ansible Playbooks to manage a variety of network gear and situations.
I’ll highlight two talks I’m especially excited about, to give you an idea of what you’ll learn in the Network Automation track at AnsibleFest 2018.
First up is one of my favorite coworkers, Trishna Guha, talking about the Network-Engine role. Trishna will highlight how Network-Engine extracts data from network devices Continue reading
The “Depend on Docker” Philosophy at Baker Hughes, a GE Company
BHGE is the world’s leading full stream Oil & Gas company on a mission to find better ways to deliver energy to the world. BHGE Digital develops enterprise grade cloud-first SaaS solutions to improve efficiency and reduce non-productive time for the Oil & Gas industry.
In our group, we have developed an analytics-driven product portfolio to enable company-wide digital transformation for our customers. Challenges ranging from predicting the failures of mission-critical industrial assets such as gas turbines to optimizing the conditions of an Electric Submersible Pump (ESP) to increase production, which require building and maintaining sophisticated analytics at scale.
The past few years have taught us this: where there is a whale, there is a way!
We were happy to share our story at DockerCon recently, and wanted to share it here on the Docker blog as well. You can watch the session here:
We face two major challenges in delivering advanced analytics:
- Data silos
We must handle a multitude of data sources that range from disconnected historical datasets to high speed sensor streams. Industrial data volumes and velocities dwarf even the largest ERP implementations as shown below.
Continue reading
Populating New Namespaces Using Heptio Ark
Heptio Ark is a tool designed to backup and restore Kubernetes cluster resources and persistent volumes. As such, it enables users to do a bunch of very useful things like copy cluster resources across cloud providers or replicate environments for development, staging, testing, QA, etc. In this post, I’ll share a slightly different use case for Ark: populating resources into new Kubernetes namespaces.
Kubernetes namespaces, if you’re not familiar, are a way to scope resource names and provide a way to divide cluster resources between multiple resources via resource quotas (see the Kubernetes documentation on namespaces for more details). As such, when you create a new Kubernetes namespace, it’s empty. However, you may have a need or desire to have certain things present in every namespace within a cluster—for example, perhaps you have a set of ExternalName Services that point to resources outside the cluster to make it easier for applications and developers to integrate with external resources. Maybe you have a ConfigMap that developers can use to configure their applications. It could be that you want a particular secret to be present in all new namespaces so that developers don’t need to worry about managing certain credentials. In such Continue reading
Learn More About Docker at VMworld 2018
The Docker team will be at VMworld in Las Vegas next week (Aug. 26-30) to interact with IT leaders and virtualization administrators and share the latest on Docker Enterprise – the leading enterprise-ready container platform that supports your choice of technology stacks, application types, operating systems and infrastructure. Register today to get a guided tour of Docker Enterprise.
Secure Your Legacy, Protect Your Future – See How Docker Works for Windows Server Migrations
Come by Booth #2513 near the Mobility Zone to learn more about container platforms and how Docker Enterprise is the only solution that can help IT migrate applications from Windows Server 2008 to Windows Server 2016 – without recoding!
Windows Server 2008 is approaching End of Support which means security and maintenance patches will be discontinued. Don’t risk your business critical apps with an unpatched and unsupported operating system. Discover the simplest way to move off of Windows Server 2008 (and even Windows Server 2003) with a proven methodology using Docker Enterprise and purpose-built containerization. With Docker, you can:
- Eliminate legacy app security risks and improve reliability
- Make your apps portable and cloud-ready
- Cut costs by 50% from increased server consolidation and operational efficiencies
Stop by, talk to our Continue reading
A Simple Kubernetes Context Switcher
I recently needed to find a simple way of switching between Kubernetes contexts. I already use powerline-go (here’s the GitHub repo), which allows me to display the Kubernetes context in the prompt so I always know which context is the active (current) context. However, switching between contexts using kubectl config set-context <name> isn’t the easiest approach; not to mention it requires merging multiple config files into a single file (which is itself a bit of a task). So, I set out to create a simple Kubernetes context switcher—and here’s the initial results of my efforts.
Before I go any further, I’d like to stress 2 important points. First, I’m not a programmer, so keep that in mind. Second, this is a simple Kubernetes context switcher—it’s not meant to address any and every possible use case out there, nor do I claim any sort of sophistication in the code.
With those disclaimers out of the way, allow me to introduce kcs: the simple Kubernetes context switcher. kcs is built on the idea that it’s easiest to manage Kubernetes contexts in their own files, rather than trying to merge config files. So, it makes the assumption that you’ll store your Continue reading
Automation Everywhere At AnsibleFest austin
AnsibleFest is fast approaching! We couldn’t be more excited to be holding our 13th AnsibleFest in Austin, TX. It must be true that everything is bigger in Texas, because this year's AnsibleFest is on track to be the biggest one ever. We have more sessions, more content, and more opportunities to learn from Ansible, from partners, and from each other. So much more in fact, we have made AnsibleFest a multi-day event for the first time ever.
This year, we have so much content that we’ve created six tracks. Plus, we have a new Getting Started Hub for those of you beginning on your automation journey with Ansible or Red Hat Ansible Tower. If you want to get a deeper dive, we will be offering onsite Ansible Automation and Ansible Network Automation Technical Workshops.
This year’s breakout sessions are split into six tracks of content:
- Best Practices
- Community & Culture
- Technical Deep Dives
- Business Solutions
- Network Automation
- Ansible Integrations
- And more
To give you more insight into what to expect, we will be blogging about each track in the coming weeks. We will highlight some of the most exciting, interesting, and useful content for attendees (although, let’s be honest it’s Continue reading
Bootstrapping an etcd Cluster with TLS using Kubeadm
The etcd distributed key-value store is an integral part of Kubernetes. I first wrote about etcd back in 2014 in this post, but haven’t really discussed it in any great detail since then. However, as part of my recent efforts to dive much deeper into Kubernetes, I needed to revisit etcd. In this post, I wanted to share how to boostrap a new etcd cluster with TLS certificates using kubeadm.
Before I go on, I feel compelled to state that this is certainly not the only way to bootstrap an etcd cluster with TLS certificates. I feel I must also state that nothing in what I’m about to share is new, novel, revolutionary, or unusual. In fact, a fair amount of it is based on these instructions, although this post will focus on using systemd unit files instead of static pods under Kubernetes. I’m simply documenting it here in the hopes of getting the information more broadly disseminated, and to help document my own journey of learning.
Preparing the Systems
Before you bootstrap the etcd cluster, you’ll first need to prepare the nodes for the process. Although I’ll list the steps manually below, in practice you’ll want to Continue reading
Bootstrapping an etcd Cluster with TLS using Kubeadm
The etcd distributed key-value store is an integral part of Kubernetes. I first wrote about etcd back in 2014 in this post, but haven’t really discussed it in any great detail since then. However, as part of my recent efforts to dive much deeper into Kubernetes, I needed to revisit etcd. In this post, I wanted to share how to boostrap a new etcd cluster with TLS certificates using kubeadm.
Before I go on, I feel compelled to state that this is certainly not the only way to bootstrap an etcd cluster with TLS certificates. I feel I must also state that nothing in what I’m about to share is new, novel, revolutionary, or unusual. In fact, a fair amount of it is based on these instructions, although this post will focus on using systemd unit files instead of static pods under Kubernetes. I’m simply documenting it here in the hopes of getting the information more broadly disseminated, and to help document my own journey of learning.
Preparing the Systems
Before you bootstrap the etcd cluster, you’ll first need to prepare the nodes for the process. Although I’ll list the steps manually below, in practice you’ll want to Continue reading
Troubleshooting TLS Certificates
I was recently working on a blog post involving the use of TLS certificates for encryption and authentication, and was running into errors. I’d checked all the “usual suspects”—AWS security groups, host-level firewall rules (via iptables), and the application configuration itself—but still couldn’t get it to work. When I did finally find the error, I figured it was probably worth sharing the commands I used in the event others might find it helpful.
The error was manifesting itself in that I was able to successfully connect to the application (with TLS) on the loopback address, but not the IP address assigned to the network adapter. Using ss -lnt, I verified that the application was listening on all IP addresses (not just loopback), and as I mentioned earlier I had also verified that AWS security groups and host-level firewall weren’t in play. This lead me to believe that there was something wrong with my TLS configuration.
Since the application’s error message was extremely vague (and not even remotely TLS-related), I decided to try using curl to verify that TLS was working correctly. First I ran this command:
curl --cacert /path/to/CA/certificate https://127.0.0.1 -v
After some output, curl Continue reading
Technology Short Take 103
Welcome to Technology Short Take 103, where I’m back yet again with a collection of links and articles from around the World Wide Web (Ha! Bet you haven’t seen that term used in a while!) on various technology areas. Here’s hoping I’ve managed to include something useful to you!
Networking
- Gerald Dykeman shares some information on using Ansible to automate Cisco Meraki.
- If you’re not familiar with VPCs and associated AWS constructs, you should read this article. It’s really good.
- I can’t say that I’ve ever thought about writing a CNI plugin in Bash, but apparently it can be done.
Servers/Hardware
Nothing this time around, sorry!
Security
- Scott McCarty explains sVirt and how it’s used to isolate Linux containers. You may also find this related article (linked within Scott’s post) to be helpful.
- Andrew Martin has a write-up with security recommendations for your Kubernetes clusters.
Cloud Computing/Cloud Management
- Fellow Heptonian Chuck Ha walks through some Kubernetes logs to show how to use them to better understand the relationships between the various components.
- Gabe Monroy introduces Dev Spaces for AKS, a developer productivity-focused feature that aims to make it easier for developers to build and troubleshoot microservices in a Continue reading
An Update on the Docker FIPS 140-2 Compliance Initiative
Last year, we announced our pursuit of FIPS 140-2 validation of the Docker Enterprise container platform. This meant starting with the included cryptography components at the Docker Engine foundation to better address the rigorous security requirements of government agencies and others in regulated industries. Over the last year, we’ve progressed through the NIST Cryptographic Module Validation Program (CMVP), from “Implementation Under Test” to “Module In Process” and are nearing full completion of validation. Track our progress online at NIST’s CMVP website and as of this post, we are “Module In Process, Coordination”. We are anticipating full validation of Docker Engine – Enterprise in the coming months.
Recently Docker Engine – Enterprise version 18.03 was released, our first to include the FIPS 140-2 compliant modules currently undergoing validation by the NIST CMVP. These modules cover the cryptography elements in Docker Engine – Enterprise and are used when Engines are deployed standalone or with Docker Swarm enabled.
Compliance from Docker Engine to Container Platform
Additionally we are working to bring the FIPS 140-2 compliant modules into the remainder of the Docker Enterprise container platform and make this available to our customers. This will include FIPS 140-2 compliance for the private registry and management Continue reading
The Total Economic Impact of Red Hat Ansible Tower
The Total Economic Impact of Red Hat Ansible Tower is a Red Hat commissioned Forrester Consulting study published in June 2018. This study demonstrates the cost savings and business benefits enabled by Ansible. Let’s dive into the what Ansible Tower enables, the efficiencies gained, the acceleration of revenue recognition, and other tangible benefits.
Faster Revenue Recognition
Revenue recognition is a critical aspect of business operations. Quickening the pace of revenue recognition is something every organization has their eye on. Forrester’s TEI of Ansible Tower observed a company cutting delivery lead times by 66%. Imagine the pace of feature deployment an organization experiences when cutting lead times from days to hours!
System reconfiguration times fell as well. Automating changes due to new bugs or policy changes across systems helps mitigate the costly impact of reconfiguration. This company found that the total time savings of being able to reconfigure a fleet of systems through Ansible automation reduced staff hours by 94% for this type of work.
The TEI also measured the security and compliance gains of Ansible Tower. Ansible Tower reduced staff hours spent patching systems by 80%. This also meant that patching systems could occur more often. This helped reduce the Continue reading
Proactive Ops for Container Orchestration Environments: Monitoring and Logging Strategies with Docker Enterprise
Over the last decade, the popularity of microservices and highly-scalable systems has increased, leading to an overall increase in the complexity of applications that are now distributed heavily across the network with many moving pieces and potential failure modes.
This architectural evolution has changed the monitoring requirements and led to a need for scalable and insightful tooling and practices to enable us to better identify, debug and resolve issues in our systems before they impact the business and our end users (internal and/or external).
I recently gave a talk at DockerCon SF 18 discussing functionality in Docker Enterprise that enables operators to more easily monitor their container platform environment, along with some key metrics and best practices to triage and remediate issues before they cause downtime.
You can watch the full talk here:
Monitoring Methodologies
One of the most well-known early monitoring techniques was the USE method from Brendan Gregg at Netflix. USE specified that for every resource we should be monitoring utilization (time spent servicing work), saturation (the degree to which a resource had work it couldn’t service) and errors (number of error events). This model worked well for more hardware / node centric metrics but network-based Continue reading
VMworld 2018 Prayer Time
For the last several years, I’ve organized a brief morning prayer time at VMworld. This year, I won’t be at the conference, but I’d like to help coordinate a time for believers to meet nevertheless. So, if you’re a Christian interested in gathering together with other Christians for a brief time of prayer, here are the details.
What: A brief time of prayer
Where: Mandalay Bay Convention Center, level 1 (same level as the food court), at the bottom of the escalators heading upstairs (over near the business center)
When: Monday 8/27 through Thursday 8/30 at 7:45am (this should give everyone enough time to grab breakfast before the keynotes start at 9am)
Who: All courteous attendees are welcome, but please note this will be a distinctly Christian-focused and Christ-centric activity (I encourage believers of other faiths/religions to organize equivalent activities)
Why: To spend a few minutes in prayer over the day, the conference, the attendees, and each other
You don’t need to RSVP or anything like that, although you’re welcome to if you’d like (just hit me up on Twitter). As I mentioned, I won’t be at the conference, so I’ll ask folks who have attended prayer time in Continue reading
Docker SF Chapter Meetup: BuildKit and Container Orchestration
Last week, we had a great turnout for the Docker San Francisco chapter event at HQ! The meetup was focused on two of the most popular talks from DockerCon on BuildKit and container orchestration with Kubernetes and Docker Swarm. The purpose was to give people who couldn’t attend these talks a chance to hear to hear them live, provide the opportunity to ask the speakers questions and network with other members of the container ecosystem.
‘Introduction to BuildKit: the Next Generation Builder Component’
Watch Tibor Vass’ Presentation
First, we had Tibor Vass, a software engineer on the Engine Team at Docker and maintainer of the Docker project since 2014, take the podium with his talk ‘Introduction to BuildKit: the Next Generation Builder Component’. In this talk, Tibor went into detail about the latest developments around the builder component of the Docker Platform including BuildKit, a toolkit that builds on containerd to provide next-generation capabilities for building software with the help of containers. Watch his talk to learn about the architecture and design choices of BuildKit’s frontend model, how to use BuildKit directly, and how to leverage its features in Docker. There were a number of great questions from particularly engaged community members!
Using the win_dsc Module in Ansible
Hello, and welcome to another Getting Started with Ansible + Windows post! In this article we’ll be exploring what Desired State Configuration is, why it’s useful, and how to utilize it with Ansible to manage your Windows nodes.
What is DSC?
So what exactly is Desired State Configuration? It’s basically a system configuration management platform that uses the declarative model; in other words, you tell DSC the “what”, and it will figure out the “how”. Much like Ansible, DSC uses push-mode execution to send configurations to the target hosts. This is very important to consider when delivering resources to multiple targets.
This time-saving tool is built into PowerShell, defining Windows node setup through code. It uses the Local Configuration Manager (which is the DSC execution engine that runs on each node).
Microsoft fosters a community effort to build and maintain DSC resources for a variety of technologies. The results of these efforts are curated and published each month to the Powershell Gallery as the DSC Resource Kit. If there isn't a native Ansible module available for the technology you need to manage, there may be a DSC resource.
How Do You Use DSC with Ansible?
DSC Resources are distributed as Continue reading
How BCG Gamma is Transforming Analytics with Docker
Changing the culture and service offerings of a big consulting firm isn’t easy, but BCG has been on that path for the past five years. BCG has evolved from traditional consulting services into a digital transformation powerhouse with six divisions that deliver strategic and technical services to clients.
One of those divisions, BCG Gamma, is a global team of world-class data scientists who build data analytics, machine learning, and artificial intelligence solutions for the firm’s clients. But building and shipping analytics, ML and AI applications to clients is challenging. Andrea Gallego, CTO of the division, is charged with creating an infrastructure that can support delivering high-quality ML and AI models at scale.
The Challenge: Shipping ML and AI Software to Clients at Scale
The big question on her mind was how BCG Gamma could not only build models, but deliver them to clients at the edge with real-time orchestration, monitoring and updates. GDPR and other regulations also meant she had to do this while ensuring integrity, consistency and lineage across data models.
Andrea and her team launched the BCG GammaX initiative, a core team of 30 engineers specializing in analytics software engineering, data engineering, UX design, distributed systems, and Continue reading
Kubernetes is Now Available In Docker Desktop Stable Channel
Back in January we made Kubernetes available in our Edge release channels for Docker Desktop on macOS and on Windows. Today we’re excited to announce that Kubernetes orchestration has graduated to the Stable release channels for Docker Desktop!
Docker Desktop is the fastest and simplest way to get a Kubernetes cluster running on your desktop machine, while still giving you the freedom to choose Docker Swarm if you prefer. Docker Developer Advocate Elton Stoneman recently created a short video demonstrating Docker Desktop on both Windows and Mac. In the video, Elton demonstrates:
- Enabling Kubernetes and alternating between Kubernetes and Swarm
- Integrating Docker Desktop and containers in to your environment and workflow
- Deploying .NET, NodeJS, and Java apps with Docker Desktop, including deploying to Kubernetes with a Compose file
Click image below to watch video:
Docker Desktop is simple to install on macOS and Windows 10 Pro or Enterprise, and is available at the links below. If you’re already using Docker Desktop and you’re in the Stable channel (which is default) then you should see an auto-update notification soon.
What You Can Do with Kubernetes on your desktop?
Docker Desktop is the most popular way to configure a Docker dev Continue reading
How to Get Your Apps off Windows 2003 and Into the Cloud with Docker Enterprise
Docker Windows Containers with Docker Enterprise
A huge number of companies are still running apps on Windows Server 2003 and 2008 in the data center. They want to move to a modern, secure, supported platform which gives them the flexibility to run in the data center today – and in any cloud tomorrow. Docker gives them that flexibility, and you can move your apps to Docker without changing any code.
That was the focus of our recent webinar, where we showed several apps currently running on Windows Server 2003, and packaged them to run as Docker Windows containers. We showed all the steps to migrate the apps with no code changes, and then we ran them in Docker Enterprise on a Windows Server 2016 VM running in Azure.
You can watch the full video of the webinar here – it comes in at just over 60 minutes:
In the webinar, you see the portability that Docker Enterprise gives you. The applications we move are a mixture of older web technologies – static HTML, classic ASP and ASP.NET WebForms. The apps from the demo and the Dockerfiles are on GitHub here. They could be 15-year old apps and you Continue reading
Bolstering my Software Development Skills
I recently tweeted that I was about to undertake a new pet project where I was, in my words, “probably going to fall flat on my face”. Later, I asked on Twitter if I should share some of the learning that will occur (is ocurring) as a result of this new project, and a number of folks indicated that I should. So, with that in mind, I’m announcing this project I’ve undertaken is a software development project aimed at helping me bolster my software development skills, and that I’ll be blogging about it along the way so that others can benefit from my mistakes…er, learning.
Readers may recall that my 2018 project list included a project to learn to write code in Golang. At the time, I indicated I’d use Kubernetes and related projects, along with my goal of making more open source contributions, as a vehicle for helping to accomplish that goal. In retrospect, that was quite ambitious, and I’ve since come to the realization that there are a number of “baby steps” that I need to take before I am ready to use a large software project like Kubernetes as a means to help improve my coding skills. Continue reading